FaultHunter workshop (SourceMeter for SonarQube plugin module)
Coding Rule Violations
Gábor Szőke
PhD Student
University of Szeged
www.sed.hu
2014.04.02. FrontEndART.com 2
What do we call Coding Rule Violations?
2014.08.01. FrontEndART.com 3
• Source code patterns which indicate potential faults
• These patterns come from actual bugs and include
  • Common programming mistakes
  • Bad programming habits
  • Performance issues
• The patterns are gathered by developer communities
  • Documented Eclipse bug fixes
  • Chapters of the Effective Java book
  • Blog posts on the http://thedailywtf.com website
Bugs? Come on!
• Developers are smart.
• Smart people don’t make dumb mistakes.
• WRONG!
• Smart people do make dumb mistakes.
• Common issues:
  • Wrong boolean operator, missing parenthesis, etc.
  • Misunderstood class or method invariants
Can You Find The Bug?
JDK 1.6.0, b105, sun.awt.x11.XMSelection
if (listeners == null)
    listeners.remove(listener);
Some Frequent Anti-Pattern Categories
Categories: Control Flow, Conventions, Performance
Example rules: Open Stream, Suspicious Equals Method, Use Arrays As List, Avoid Catching NPE, Naming Conventions, Unused Constructor, StringBuffer Instead Of Concat, Npath Complexity, Unused Imports, Empty Catch Block, Cloneable Implementation, Too Many Fields
Example
• libsecurity_ssl/lib/sslKeyExchange.c – OpenSSL bug
• IESMUB – If-Else Stmts Must Use Braces (#gotofail)
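The #gotofail pattern that the IESMUB rule targets, as an added C illustration (not from the slides or from the SourceMeter project): an error-handling chain of the kind the rule is about, first with an unbraced if and a duplicated goto, then braced. The check functions, their names and their return codes are constructed for the example.

```c
#include <stdio.h>
#include <stdbool.h>

/*
 * Constructed stand-ins for the verification steps of a handshake.
 * Each returns 0 on success and a distinct non-zero code on failure.
 * Names and codes are made up for this example.
 */
static int check_a(bool ok) { return ok ? 0 : 1; }
static int check_b(bool ok) { return ok ? 0 : 2; }
static int check_c(bool ok) { return ok ? 0 : 3; }

/*
 * Unbraced error-handling chain with a duplicated "goto fail;".
 * Without braces only the first statement belongs to the if, so the
 * second goto is unconditional: control always jumps to fail with err
 * still 0 from the successful check_b, and check_c is never evaluated.
 * Callers therefore see "success" even when the last check would fail.
 */
int verify_unbraced(bool a_ok, bool b_ok, bool c_ok)
{
    int err = 0;

    if ((err = check_a(a_ok)) != 0)
        goto fail;
    if ((err = check_b(b_ok)) != 0)
        goto fail;
        goto fail;   /* duplicated line, not governed by the if above */
    if ((err = check_c(c_ok)) != 0)
        goto fail;

fail:
    return err;
}

/*
 * The same chain written as the IESMUB rule demands. The duplicated goto
 * is still present, but the braces confine it to the error branch, so it
 * is merely unreachable dead code and check_c runs as intended.
 */
int verify_braced(bool a_ok, bool b_ok, bool c_ok)
{
    int err = 0;

    if ((err = check_a(a_ok)) != 0) {
        goto fail;
    }
    if ((err = check_b(b_ok)) != 0) {
        goto fail;
        goto fail;   /* same duplicate, now harmless */
    }
    if ((err = check_c(c_ok)) != 0) {
        goto fail;
    }

fail:
    return err;
}

int main(void)
{
    /* Both versions agree while every check passes or an early one fails... */
    printf("all ok:  unbraced=%d braced=%d\n",
           verify_unbraced(true, true, true), verify_braced(true, true, true));
    /* ...but they diverge when only the last check fails. */
    printf("c fails: unbraced=%d braced=%d\n",
           verify_unbraced(true, true, false), verify_braced(true, true, false));
    return 0;
}
```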
Popular Solutions
• CheckStyle
  ✓ Coding standard checker
  ✓ Highly configurable
  ✗ Small number of implemented rules
  ✗ Rules are mostly for style conventions, not for fault prevention
• FindBugs
  ✓ Looks for bugs in Java code
  ✓ Finds NPEs, typos, inconsistencies
  ✗ A lot of irrelevant warnings
  ✗ Does not show the roots of the problems
• PMD
  ✓ Open-source code violation checker
  ✓ Many rules
  ✗ A lot of irrelevant warnings
  ✗ Several significant warnings are not found
Pros and Cons
Relevant warning
  ✓ Issues are found during development
  ✓ Trains developers (lots of skills can be learned from following coding rules!)
  ✓ Reduces project costs
  ✓ Increases efficiency
Irrelevant warning
  ✗ Creates work overhead
  ✗ Developers will start ignoring coding issue warnings
  ✗ Causes stress
  ✗ Convinces developers that the code lacks actual coding issues even when there are a lot.
Can You Find The Bug?
Original:
// com.sun.xml.internal.txw2.output.XMLWriter
try { … }
catch (IOException e) {
    new SAXException("Server side Exception:" + e);
}

Corrected (the exception object was created but never thrown):
// com.sun.xml.internal.txw2.output.XMLWriter
try { … }
catch (IOException e) {
    throw new SAXException("Server side Exception:" + e);
}
False Positive and True Negative hits
(Venn diagram: Found Faults vs. Faults, with the regions labelled Not Faults, False Positive and True Negative.)
Solution?
We need a bigger boat!
FaultHunter
SourceMeter plugin for SonarQube
• Advanced static analysis engine
  • Re-implements inaccurate PMD rule violations
    • 62 implemented PMD rule definitions
  • Defines new rules
    • 8 new rule definitions
• Precise and efficient
• A module of SourceMeter
  • Supports Ant and Maven integration
  • Is part of the SourceMeter for SonarQube plugin
Advanced Static Analysis
(Diagram of the two analysis pipelines.)
PMD: source code → analysis → abstract syntax tree → modeling → coding issue warnings; few warnings found.
FaultHunter: source code → analysis → abstract semantic graph → modeling → coding issue warnings; more true positive warnings.
Results
System           | PMD          | Shared  | FaultHunter
ArgoUML          | 484 (31%)    | 1,086   | 531 (34%)
Cobertura        | 195 (5%)     | 4,121   | 7,689 (178%)
Eclipse          | 6,867 (19%)  | 28,661  | 65,773 (185%)
GWT              | 1,166 (17%)  | 5,533   | 2,021 (30%)
Hibernate        | 560 (17%)    | 2,829   | 2,170 (64%)
Jenkins          | 430 (24%)    | 1,399   | 2,649 (145%)
Log4j2           | 120 (22%)    | 431     | 145 (26%)
PMD              | 113 (6%)     | 1,815   | 2,112 (110%)
Spring-Framework | 1,206 (26%)  | 3,497   | 1,219 (26%)
Tomcat           | 859 (19%)    | 3,728   | 4,241 (92%)
…                | …            | …       | …
Total            | 51,107 (14%) | 308,339 | 358,543 (100%)
• 217 open source software systems analyzed
The PMD and FaultHunter columns count the warnings reported by only that tool; Shared counts the warnings both tools report. The percentages are relative to all PMD warnings (PMD + Shared), e.g. ArgoUML: 484 / (484 + 1,086) ≈ 31% and 531 / (484 + 1,086) ≈ 34%.
Results
(Bar chart: for ArgoUML, Hibernate, Jenkins, Log4j, Spring-Framework, Tomcat and Total, a PMD bar and an FH bar are each broken down into Shared, PMD and FaultHunter warnings on a scale from -100% to 350%.)
Results by rule violation types
Rule                               | FP  | TN
AvoidCatchingNPE                   | 3%  | 0%
AvoidCatchingThrowable             | 0%  | 2%
AvoidDeeplyNestedIfStmts           | 99% | 21%
AddEmptyString                     | 0%  | 0%
AvoidInstanceofChecksInCatchClause | 1%  | 1%
ArrayIsStoredDirectly              | -   | -
AvoidPrintStackTrace               | 12% | 2%
AvoidRethrowingException           | 51% | 0%
AvoidThrowingNullPointerException  | 2%  | 4%
AvoidThrowingRawExceptionTypes     | 2%  | 32%
BooleanGetMethodName               | 0%  | 0%
BooleanInstantiation               | 1%  | 1%
BigIntegerInstantiation            | 1%  | 42%
ByteInstantiation                  | 0%  | 0%
CloseResource                      | 27% | 45%
DefaultLabelNotLastInSwitchStmt    | 0%  | 2%
EmptyCatchBlock                    | 49% | 0%
EmptyFinallyBlock                  | 0%  | 175%
EmptyIfStmt                        | 14% | 6%
EmptySynchronizedBlock             | 0%  | 0%
EmptySwitchStatements              | -   | -
EmptyTryBlock                      | 0%  | 0%
EmptyWhileStmt                     | 60% | 0%
ForLoopsMustUseBraces              | -   | -
IfElseStmtsMustUseBraces           | 25% | 397%
IntegerInstantiation               | 2%  | 1%
LooseCoupling                      | 16% | 134%
LongInstantiation                  | 1%  | 0%
MissingBreakInSwitch               | 88% | 67%
MethodWithSameNameAsEnclosingClass | 0%  | 0%
MethodNamingConventions            | 0%  | 2%
PositionLiteralsFirstInComparisons | 6%  | 75%
PreserveStackTrace                 | 1%  | 35%
ReplaceHashtableWithMap            | 7%  | 7%
ReplaceVectorWithList              | 5%  | 30%
SimplifyConditional                | 13% | 10%
SimpleDateFormatNeedsLocale        | 6%  | 2%
SuspiciousHashcodeMethodName       |     |
ShortInstantiation                 | 0%  | 0%
ShortMethodName                    | 24% | 0%
SwitchStmtsShouldHaveDefault       | 0%  | 3%
UseArrayListInsteadOfVector        | 27% | 98%
UncommentedEmptyMethod             | 28% | 3%
UseEqualsToCompareStrings          | 2%  | 105%
UnnecessaryLocalBeforeReturn       | 8%  | 55%
UnusedLocalVariable                | 2%  | 551%
UseLocaleWithCaseConversions       | 12% | 77%
UselessOverridingMethod            | 29% | 42%
UnusedPrivateField                 | 3%  | 439%
UnusedPrivateMethod                | 2%  | 235%
UseStringBufferForStringAppends    | 21% | 7%
UnusedImports                      | 0%  | 25%
WhileLoopsMustUseBraces            |     |
Precise and Efficient
✗ Uses 50% more memory than PMD on the same source set
✗ Runs 50% longer than PMD on the same source set
BUT!
• Finds 99.97% more faults than PMD
• Skips 14.92% of false positive warnings
Examples
• org.eclipse.ui.forms/src/org/eclipse/ui/forms/DetailsPart.java
EIF – Empty If Statement
PMD misses it, FaultHunter doesn’t. True Negative
What was the programmer’s intention? Did they simply forget to code the instructions?
→ Potential threat!
Examples
• org.eclipse.ui.workbench/Eclipse UI/org/eclipse/ui/internal/WorkbenchWindow.java
BGMN – Boolean Get Method Name
PMD misses it, FaultHunter doesn’t. True Negative
• org.eclipse.ui.ide/src/org/eclipse/ui/internal/ide/misc/ProjectCapabilitySelectionGroup.java
Issue: Java EE and the Spring Framework look up boolean getters by names such as isShellActivated() or isModified() → Error!
Examples
• Tomcat/java/org/apache/catalina/core/ApplicationFilterConfig.java
USBFSA – Use String Buffer For String Appends
PMD finds it, FaultHunter doesn’t. False Positive
Totally irrelevant warning.
Examples
• org.eclipse.core.resources/src/org/eclipse/core/internal/events/NotificationManager.java
MBIS – Missing Break In Switch
PMD misses it, FaultHunter doesn’t. True Negative
Why is the break statement missing?
→ It was intentional, as the comment indicates.
Examples
• Log4j/src/main/java/org/apache/log4j/NDC.java
Is it really necessary to use the thread-safe Vector class? If not, the ArrayList class offers a much faster implementation with the same functionality. (Collections.synchronizedList(…) can be used in a multi-threaded environment too!)
→ The comment indicates that the developers see the problem as well.
UALIOV – Use Array List Instead Of Vector
PMD misses it, FaultHunter doesn’t. True Negative
Examples
• openejb-4.5.2/org/apache/openejb/server/cxf/rs/CustomProviderTest.java
ACNPE – Avoid Catching NullPointerException
PMD misses it, FaultHunter doesn’t. True Negative
• xalan-2.7/src/org/apache/xpath/jaxp/XPathImpl.java
SMN – Short Method Name
PMD misses it, FaultHunter doesn’t. True Negative
• Spring-Framework/spring-beans/src/test/java/org/springframework/tests/sample/beans/TestBean.java
ACNPE – Avoid Throwing Raw Exception Types
PMD misses it, FaultHunter doesn’t. True Negative
Examples
• ApacheDS/core-pi/src/test/java/org/apache/directory/server/core/api/changelog/TagTest.java
Position Literals First In Comparisons
PMD finds it, FaultHunter doesn’t. False Positive
Totally irrelevant warning.
More Related Content

What's hot

OCP Java SE 8 Exam - Sample Questions - Java Streams API
OCP Java SE 8 Exam - Sample Questions - Java Streams APIOCP Java SE 8 Exam - Sample Questions - Java Streams API
OCP Java SE 8 Exam - Sample Questions - Java Streams APIGanesh Samarthyam
 
Java programming-Event Handling
Java programming-Event HandlingJava programming-Event Handling
Java programming-Event HandlingJava Programming
 
War of the Machines: PVS-Studio vs. TensorFlow
War of the Machines: PVS-Studio vs. TensorFlowWar of the Machines: PVS-Studio vs. TensorFlow
War of the Machines: PVS-Studio vs. TensorFlowPVS-Studio
 
Ant Unit Your Functional Test
Ant Unit Your Functional TestAnt Unit Your Functional Test
Ant Unit Your Functional Testjimmy zhao
 
Java exception handling
Java exception handlingJava exception handling
Java exception handlingBHUVIJAYAVELU
 
C# Exceptions Handling
C# Exceptions Handling C# Exceptions Handling
C# Exceptions Handling sharqiyem
 
Exception handling
Exception handlingException handling
Exception handlingIblesoft
 
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable codenullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable coden|u - The Open Security Community
 
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...Andrey Karpov
 
Exception handling in asp.net
Exception handling in asp.netException handling in asp.net
Exception handling in asp.netNeelesh Shukla
 

What's hot (15)

OCP Java SE 8 Exam - Sample Questions - Java Streams API
OCP Java SE 8 Exam - Sample Questions - Java Streams APIOCP Java SE 8 Exam - Sample Questions - Java Streams API
OCP Java SE 8 Exam - Sample Questions - Java Streams API
 
Java programming-Event Handling
Java programming-Event HandlingJava programming-Event Handling
Java programming-Event Handling
 
War of the Machines: PVS-Studio vs. TensorFlow
War of the Machines: PVS-Studio vs. TensorFlowWar of the Machines: PVS-Studio vs. TensorFlow
War of the Machines: PVS-Studio vs. TensorFlow
 
Integrating on premise Line Of Business applications with CRM Online
Integrating on premise Line Of Business applications with CRM OnlineIntegrating on premise Line Of Business applications with CRM Online
Integrating on premise Line Of Business applications with CRM Online
 
Ant Unit Your Functional Test
Ant Unit Your Functional TestAnt Unit Your Functional Test
Ant Unit Your Functional Test
 
How to handle exceptions in Java Technology
How to handle exceptions in Java Technology How to handle exceptions in Java Technology
How to handle exceptions in Java Technology
 
Java exception handling
Java exception handlingJava exception handling
Java exception handling
 
Java: Exception
Java: ExceptionJava: Exception
Java: Exception
 
Test
TestTest
Test
 
C# Exceptions Handling
C# Exceptions Handling C# Exceptions Handling
C# Exceptions Handling
 
Exception handling
Exception handlingException handling
Exception handling
 
Java exception
Java exception Java exception
Java exception
 
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable codenullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
 
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
 
Exception handling in asp.net
Exception handling in asp.netException handling in asp.net
Exception handling in asp.net
 

Similar to FaultHunter workshop (SourceMeter for SonarQube plugin module)

Exceptions in Java
Exceptions in JavaExceptions in Java
Exceptions in JavaVadym Lotar
 
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...Zhen Huang
 
Software Bugs A Software Architect Point Of View
Software Bugs    A Software Architect Point Of ViewSoftware Bugs    A Software Architect Point Of View
Software Bugs A Software Architect Point Of ViewShahzad
 
Exception Handling Java
Exception Handling JavaException Handling Java
Exception Handling Javaankitgarg_er
 
Best Coding Practices For Android Application Development
Best Coding Practices For Android Application DevelopmentBest Coding Practices For Android Application Development
Best Coding Practices For Android Application DevelopmentKetan Raval
 
debuggingSession.pptx
debuggingSession.pptxdebuggingSession.pptx
debuggingSession.pptxmarawanwael
 
Lecture 3.1.1 Try Throw Catch.pptx
Lecture 3.1.1 Try Throw Catch.pptxLecture 3.1.1 Try Throw Catch.pptx
Lecture 3.1.1 Try Throw Catch.pptxsunilsoni446112
 
exception-handling-in-java.ppt
exception-handling-in-java.pptexception-handling-in-java.ppt
exception-handling-in-java.pptSanthiNivas
 
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using  Data Flow Analysis Parasoft .TEST, Write better C# Code Using  Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Engineering Software Lab
 
Lecture 1 Try Throw Catch.pptx
Lecture 1 Try Throw Catch.pptxLecture 1 Try Throw Catch.pptx
Lecture 1 Try Throw Catch.pptxVishuSaini22
 
Defect Tracking Software Project Presentation
Defect Tracking Software Project PresentationDefect Tracking Software Project Presentation
Defect Tracking Software Project PresentationShiv Prakash
 
exception-handling-in-java.ppt
exception-handling-in-java.pptexception-handling-in-java.ppt
exception-handling-in-java.pptJAYESHRODGE
 
Static code analyzers as a DevSecOps solution
Static code analyzers as a DevSecOps solutionStatic code analyzers as a DevSecOps solution
Static code analyzers as a DevSecOps solutionAndrey Karpov
 
How to Design a Program Repair Bot? Insights from the Repairnator Project
How to Design a Program Repair Bot? Insights from the Repairnator ProjectHow to Design a Program Repair Bot? Insights from the Repairnator Project
How to Design a Program Repair Bot? Insights from the Repairnator ProjectSimon Urli
 

Similar to FaultHunter workshop (SourceMeter for SonarQube plugin module) (20)

Exceptions in Java
Exceptions in JavaExceptions in Java
Exceptions in Java
 
Exception handling
Exception handlingException handling
Exception handling
 
Intro To AOP
Intro To AOPIntro To AOP
Intro To AOP
 
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...
 
Software Bugs A Software Architect Point Of View
Software Bugs    A Software Architect Point Of ViewSoftware Bugs    A Software Architect Point Of View
Software Bugs A Software Architect Point Of View
 
Exception Handling Java
Exception Handling JavaException Handling Java
Exception Handling Java
 
Best Coding Practices For Android Application Development
Best Coding Practices For Android Application DevelopmentBest Coding Practices For Android Application Development
Best Coding Practices For Android Application Development
 
debuggingSession.pptx
debuggingSession.pptxdebuggingSession.pptx
debuggingSession.pptx
 
Lecture 3.1.1 Try Throw Catch.pptx
Lecture 3.1.1 Try Throw Catch.pptxLecture 3.1.1 Try Throw Catch.pptx
Lecture 3.1.1 Try Throw Catch.pptx
 
exception-handling-in-java.ppt
exception-handling-in-java.pptexception-handling-in-java.ppt
exception-handling-in-java.ppt
 
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using  Data Flow Analysis Parasoft .TEST, Write better C# Code Using  Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
 
Lecture 1 Try Throw Catch.pptx
Lecture 1 Try Throw Catch.pptxLecture 1 Try Throw Catch.pptx
Lecture 1 Try Throw Catch.pptx
 
Defect Tracking Software Project Presentation
Defect Tracking Software Project PresentationDefect Tracking Software Project Presentation
Defect Tracking Software Project Presentation
 
exception-handling-in-java.ppt
exception-handling-in-java.pptexception-handling-in-java.ppt
exception-handling-in-java.ppt
 
Salesforce static code analysis
Salesforce static code analysisSalesforce static code analysis
Salesforce static code analysis
 
Static code analyzers as a DevSecOps solution
Static code analyzers as a DevSecOps solutionStatic code analyzers as a DevSecOps solution
Static code analyzers as a DevSecOps solution
 
6-Error Handling.pptx
6-Error Handling.pptx6-Error Handling.pptx
6-Error Handling.pptx
 
How to Design a Program Repair Bot? Insights from the Repairnator Project
How to Design a Program Repair Bot? Insights from the Repairnator ProjectHow to Design a Program Repair Bot? Insights from the Repairnator Project
How to Design a Program Repair Bot? Insights from the Repairnator Project
 
CS3391 -OOP -UNIT – III NOTES FINAL.pdf
CS3391 -OOP -UNIT – III  NOTES FINAL.pdfCS3391 -OOP -UNIT – III  NOTES FINAL.pdf
CS3391 -OOP -UNIT – III NOTES FINAL.pdf
 
Exception handling in .net
Exception handling in .netException handling in .net
Exception handling in .net
 

Recently uploaded

ManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide DeckManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide DeckManageIQ
 
Pharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyPharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyAnusha Are
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfryanfarris8
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...Jittipong Loespradit
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...SelfMade bd
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...kalichargn70th171
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfonteinmasabamasaba
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionOnePlan Solutions
 

Recently uploaded (20)

ManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide DeckManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide Deck
 
Pharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyPharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodology
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 

FaultHunter workshop (SourceMeter for SonarQube plugin module)

  • 1.
  • 2. Coding Rule Violations Gábor Szőke PhD Student University of Szeged www.sed.hu 2014.04.02. FrontEndART.com 2
  • 3. What do we call Coding Rule Violations? 2014.08.01. FrontEndART.com 3 • Source code patterns which indicate potential faults • These patterns come from actual bugs and include • Common programming mistakes • Bad programming habits • Performance issues • The patterns are gathered by developer communities • Documented Eclipse bug fixes • Chapters of the Effective Java book • Blog posts on the http://thedailywtf.com website
  • 4. Bugs? Come on! 2014.08.01. FrontEndART.com 4 • Developers are smart. • Smart people don’t make dumb mistakes. • WRONG! • Smart people do make dumb mistakes. • Common issues: • Wrong boolean operator, missing parenthesis, etc. • Misunderstood class or method invariants
  • 5. Can You Find The Bug? 2014.08.01. FrontEndART.com 5 JDK 1.6.0, b105, sun.awt.x11.XMSelection if (listeners == null) listeners.remove(listener);
  • 6. Control Flow Conventions Performance Open Stream Suspicious Equals Method Use Arrays As List Avoid Catching NPE Naming Conventions Unused Constructor StringBuffer Instead Of Concat Npath Complexity Unused Imports Empty Catch Block Cloneable Implementation Too Many Fields 2014.08.01. FrontEndART.com 6 Some Frequent Anti-Pattern Categories
  • 7. Example 2014.08.01. FrontEndART.com 7 • libsecurity_ssl/lib/sslKeyExchange.c OpenSSL bug
  • 8. Example 2014.08.01. FrontEndART.com 8 • libsecurity_ssl/lib/sslKeyExchange.c IESMUB – If-Else Stmts Must Use Braces #gotofail
  • 9. Popular Solutions 2014.08.01. FrontEndART.com 9 • CheckStyle  Coding standard checker  Highly configurable × Small amount of implemented rules × Rules are mostly for style conventions, not for fault prevention • FindBugs  Looks for bugs in Java code  Finds NPEs, typos, inconsistencies × A lot of irrelevant warnings × Does not show the roots of the problems • PMD  Open-source code violation checker  Many rules × A lot of irrelevant warnings × Several significant warning are not found
  • 10. Pros and Cons Relevant warning  Issues are found during development  Trains developers (lots of skills can be learned from following coding rules!)  Reduces project costs  Increases efficiency Irrelevant warning  Creates work overhead  Developers will start ignoring coding issue warnings  Causes stress  Convinces developers that the code lacks actual coding issues even when there are a lot. 2014.08.01. FrontEndART.com 10
11. Can You Find The Bug?
// com.sun.xml.internal.txw2.output.XMLWriter
try {
    …
} catch (IOException e) {
    new SAXException("Server side Exception:" + e);   // created, but never thrown: the failure is silently dropped
}

// com.sun.xml.internal.txw2.output.XMLWriter (corrected)
try {
    …
} catch (IOException e) {
    throw new SAXException("Server side Exception:" + e);
}
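What the missing `throw` does at run time, as an added example that is not part of the slides: `writeToServer` is a hypothetical stand-in for the I/O step inside the `try`, and the two methods mirror the buggy and the corrected XMLWriter snippets. The buggy variant returns normally even when the write failed; the corrected one propagates the failure, with the `IOException` attached as the cause so the stack trace still points at the original error.

```java
import java.io.IOException;
import org.xml.sax.SAXException;

// Added example (not from the slides): the effect of constructing an exception
// without throwing it. writeToServer is a hypothetical stand-in for the I/O step.
public class DroppedExceptionDemo {

    static void writeToServer(boolean fail) throws IOException {
        if (fail) {
            throw new IOException("connection reset");
        }
    }

    // Same shape as the buggy snippet: the SAXException is constructed and discarded,
    // so the caller is told the write completed even though it did not.
    static String buggy(boolean fail) {
        try {
            writeToServer(fail);
        } catch (IOException e) {
            new SAXException("Server side Exception:" + e); // statement has no effect
        }
        return "completed";
    }

    // Same shape as the corrected snippet; the cause is attached so the stack trace
    // still leads back to the original I/O failure.
    static String fixed(boolean fail) throws SAXException {
        try {
            writeToServer(fail);
        } catch (IOException e) {
            throw new SAXException("Server side Exception:" + e, e);
        }
        return "completed";
    }

    public static void main(String[] args) {
        System.out.println("buggy(true) -> " + buggy(true));
        try {
            System.out.println("fixed(true) -> " + fixed(true));
        } catch (SAXException e) {
            System.out.println("fixed(true) -> threw " + e.getMessage());
        }
    }
}
```

`buggy(true)` returns as if nothing went wrong, which is exactly why the caller of the real XMLWriter code would keep working on a stream that had already failed; `fixed(true)` surfaces the error to the caller.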
12. False Positive and True Negative hits
[Diagram: Found Faults drawn against Faults / Not Faults; hits that fall in Not Faults are labelled False Positive, faults that lie outside Found Faults are labelled True Negative.]
Solution?
13. False Positive and True Negative hits
[Diagram: Found Faults drawn against Faults / Not Faults; hits that fall in Not Faults are labelled False Positive, faults that lie outside Found Faults are labelled True Negative.]
We need a bigger boat!
15. FaultHunter
SourceMeter plugin for SonarQube
16. FaultHunter
• Advanced static analysis engine
• Re-implements inaccurate PMD rule violations
  • 62 implemented PMD rule definitions
• Defines new rules
  • 8 new rule definitions
• Precise and efficient
• A module of SourceMeter
  • Supports Ant and Maven integration
  • Is part of the SourceMeter for SonarQube plugin
17. Advanced Static Analysis
[Diagram: both tools go source code → analysis → modeling → coding issue warnings. PMD models the source code as an abstract syntax tree and finds few warnings; FaultHunter models it as an abstract semantic graph and finds more true positive warnings.]
18. Results
• 217 open source software systems analyzed

Project              PMD             Shared   FaultHunter
ArgoUML              484   31%        1,086       531   34%
Cobertura            195    5%        4,121     7,689  178%
Eclipse            6,867   19%       28,661    65,773  185%
GWT                1,166   17%        5,533     2,021   30%
Hibernate            560   17%        2,829     2,170   64%
Jenkins              430   24%        1,399     2,649  145%
Log4j2               120   22%          431       145   26%
PMD                  113    6%        1,815     2,112  110%
Spring-Framework   1,206   26%        3,497     1,219   26%
Tomcat               859   19%        3,728     4,241   92%
…                      …    …             …         …    …
Total             51,107   14%      308,339   358,543  100%

(The PMD and FaultHunter columns count warnings reported by only that tool; Shared counts warnings reported by both. Both percentage columns are relative to the total number of PMD warnings, i.e. PMD + Shared: for ArgoUML, 484 / (484 + 1,086) = 31% and 531 / 1,570 = 34%.)
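How the three columns of the results table are obtained from two tools' warning sets, as an added example that is not part of the slides or of FaultHunter. The `Warning` records are constructed sample data, not real PMD or FaultHunter output; the `Overlap` record applies the percentage convention that the table's numbers follow (both percentages relative to the PMD total), and the `main` method checks it against the ArgoUML row. In the deck's own labels (slides 23 onwards), a PMD-only hit is a False Positive and a FaultHunter-only hit is a True Negative, which is presumably also how the FP and TN columns of slides 20 and 21 are computed per rule.

```java
import java.util.HashSet;
import java.util.Set;

// Added example (not from the slides): deriving the PMD / Shared / FaultHunter columns
// from two warning sets, and checking the percentage convention against the ArgoUML row.
public class WarningOverlap {

    // One reported violation; constructed sample data, not real tool output.
    record Warning(String file, int line, String rule) {}

    record Overlap(int pmdOnly, int shared, int fhOnly) {
        // Both percentage columns are relative to the number of PMD warnings (PMD-only + shared).
        double pmdOnlyPercent() { return 100.0 * pmdOnly / (pmdOnly + shared); }
        double fhOnlyPercent()  { return 100.0 * fhOnly  / (pmdOnly + shared); }
    }

    // Set intersection gives the Shared column; the two differences give the tool-only columns.
    static Overlap overlap(Set<Warning> pmd, Set<Warning> faultHunter) {
        Set<Warning> shared = new HashSet<>(pmd);
        shared.retainAll(faultHunter);
        return new Overlap(pmd.size() - shared.size(),
                           shared.size(),
                           faultHunter.size() - shared.size());
    }

    public static void main(String[] args) {
        // Constructed warning sets for a toy project: PMD reports four, FaultHunter reports five.
        Set<Warning> pmd = Set.of(
            new Warning("A.java", 10, "EmptyCatchBlock"),
            new Warning("A.java", 42, "UseStringBufferForStringAppends"), // reported only by PMD
            new Warning("B.java",  7, "MissingBreakInSwitch"),
            new Warning("B.java", 19, "IfElseStmtsMustUseBraces"));
        Set<Warning> fh = Set.of(
            new Warning("A.java", 10, "EmptyCatchBlock"),
            new Warning("B.java",  7, "MissingBreakInSwitch"),
            new Warning("B.java", 19, "IfElseStmtsMustUseBraces"),
            new Warning("B.java", 33, "IfElseStmtsMustUseBraces"),        // reported only by FaultHunter
            new Warning("C.java",  5, "UnusedPrivateField"));             // reported only by FaultHunter

        Overlap toy = overlap(pmd, fh);
        System.out.printf("toy: PMD-only %d (%.0f%%), shared %d, FH-only %d (%.0f%%)%n",
            toy.pmdOnly(), toy.pmdOnlyPercent(), toy.shared(), toy.fhOnly(), toy.fhOnlyPercent());

        // The ArgoUML row of the table, taken as counts: 484 PMD-only, 1,086 shared, 531 FaultHunter-only.
        Overlap argoUml = new Overlap(484, 1086, 531);
        System.out.printf("ArgoUML: PMD %.0f%%, FaultHunter %.0f%%%n",
            argoUml.pmdOnlyPercent(), argoUml.fhOnlyPercent());
    }
}
```

Matching warnings on file, line and rule is the assumption that makes the intersection meaningful; two tools that report the same finding at different lines (the start versus the end of a statement, say) would be counted as two tool-only hits rather than one shared one, so any real comparison has to normalise locations first.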
19. Results
[Bar chart: one PMD / FH bar pair each for ArgoUML, Hibernate, Jenkins, Log4j, Spring-Framework, Tomcat and Total, showing Shared, PMD and FaultHunter warnings as percentages; y axis from -100% to 350%.]
20. Results by rule violation types

Rule                                  FP     TN
AvoidCatchingNPE                      3%     0%
AvoidCatchingThrowable                0%     2%
AvoidDeeplyNestedIfStmts             99%    21%
AddEmptyString                        0%     0%
AvoidInstanceofChecksInCatchClause    1%     1%
ArrayIsStoredDirectly                 -      -
AvoidPrintStackTrace                 12%     2%
AvoidRethrowingException             51%     0%
AvoidThrowingNullPointerException     2%     4%
AvoidThrowingRawExceptionTypes        2%    32%
BooleanGetMethodName                  0%     0%
BooleanInstantiation                  1%     1%
BigIntegerInstantiation               1%    42%
ByteInstantiation                     0%     0%
CloseResource                        27%    45%
DefaultLabelNotLastInSwitchStmt       0%     2%
EmptyCatchBlock                      49%     0%
EmptyFinallyBlock                     0%   175%
EmptyIfStmt                          14%     6%
EmptySynchronizedBlock                0%     0%
EmptySwitchStatements                 -      -
EmptyTryBlock                         0%     0%
EmptyWhileStmt                       60%     0%
ForLoopsMustUseBraces                 -      -
IfElseStmtsMustUseBraces             25%   397%
IntegerInstantiation                  2%     1%
LooseCoupling                        16%   134%
LongInstantiation                     1%     0%
21. Results by rule violation types

Rule                                  FP     TN
MissingBreakInSwitch                 88%    67%
MethodWithSameNameAsEnclosingClass    0%     0%
MethodNamingConventions               0%     2%
PositionLiteralsFirstInComparisons    6%    75%
PreserveStackTrace                    1%    35%
ReplaceHashtableWithMap               7%     7%
ReplaceVectorWithList                 5%    30%
SimplifyConditional                  13%    10%
SimpleDateFormatNeedsLocale           6%     2%
SuspiciousHashcodeMethodName
ShortInstantiation                    0%     0%
ShortMethodName                      24%     0%
SwitchStmtsShouldHaveDefault          0%     3%
UseArrayListInsteadOfVector          27%    98%
UncommentedEmptyMethod               28%     3%
UseEqualsToCompareStrings             2%   105%
UnnecessaryLocalBeforeReturn          8%    55%
UnusedLocalVariable                   2%   551%
UseLocaleWithCaseConversions         12%    77%
UselessOverridingMethod              29%    42%
UnusedPrivateField                    3%   439%
UnusedPrivateMethod                   2%   235%
UseStringBufferForStringAppends      21%     7%
UnusedImports                         0%    25%
WhileLoopsMustUseBraces
22. Precise and Efficient
× Uses 50% more memory than PMD on the same source set
× Runs 50% longer than PMD on the same source set
BUT!
• Finds 99.97% more faults than PMD
• Skips 14.92% of false positive warnings
23. Examples
• org.eclipse.ui.forms/src/org/eclipse/ui/forms/DetailsPart.java
  EIF – Empty If Statement
  PMD misses it, FaultHunter doesn’t. True Negative
  What was the programmer’s intention? Did they simply forget to code the instructions? → Potential threat!
24. Examples
• org.eclipse.ui.workbench/Eclipse UI/org/eclipse/ui/internal/WorkbenchWindow.java
• org.eclipse.ui.ide/src/org/eclipse/ui/internal/ide/misc/ProjectCapabilitySelectionGroup.java
  BGMN – Boolean Get Method Name
  PMD misses it, FaultHunter doesn’t. True Negative
  Issue: JavaEE and the Spring Framework search for getters like isShellActivated() or isModified() → Error!
25. Examples
• Tomcat/java/org/apache/catalina/core/ApplicationFilterConfig.java
  USBFSA – Use String Buffer For String Appends
  PMD finds it, FaultHunter doesn’t. False Positive
  Totally irrelevant warning
26. Examples
• org.eclipse.core.resources/src/org/eclipse/core/internal/events/NotificationManager.java
  MBIS – Missing Break In Switch
  PMD misses it, FaultHunter doesn’t. True Negative
  Why is the break statement missing? → It was intentional, as the comment indicates.
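The two "what did the programmer intend?" patterns of slides 23 and 26, Empty If Statement and Missing Break In Switch, in constructed code as an added example (not from the slides and not the Eclipse code they refer to). The `Role` enum, the permission sets and the greeting are hypothetical. In the switch, an unintended fall-through hands a `GUEST` every permission; the fixed version keeps fall-through where it is the intended accumulation and says so in a comment, which is the signal the slide relies on to classify the Eclipse case as intentional. The empty `if` evaluates a validity check and then does nothing with the result.

```java
import java.util.LinkedHashSet;
import java.util.Set;

// Added example (not from the slides or from Eclipse): Empty If Statement and
// Missing Break In Switch, with the intent made explicit in the fixed versions.
public class IntentPatterns {

    enum Role { GUEST, USER, ADMIN }   // hypothetical roles

    // Missing break: every case falls into the next one, so a GUEST is granted "delete".
    static Set<String> permissionsBuggy(Role role) {
        Set<String> granted = new LinkedHashSet<>();
        switch (role) {
            case GUEST:
                granted.add("read");
            case USER:
                granted.add("write");
            case ADMIN:
                granted.add("delete");
        }
        return granted;
    }

    // Fixed: the cases are ordered so that falling through is the intended accumulation,
    // and each fall-through is stated in a comment rather than left for the reader to guess.
    static Set<String> permissionsFixed(Role role) {
        Set<String> granted = new LinkedHashSet<>();
        switch (role) {
            case ADMIN:
                granted.add("delete");
                // intentional fall-through: an admin also has every USER permission
            case USER:
                granted.add("write");
                // intentional fall-through: a user also has every GUEST permission
            case GUEST:
                granted.add("read");
                break;
        }
        return granted;
    }

    // Empty if: the validity check is evaluated, but nothing happens when it fails,
    // and the caller receives "Hello, null" for bad input.
    static String greetBuggy(String name) {
        if (name == null || name.isBlank()) {
            // nothing here: the rejection was never written
        }
        return "Hello, " + name;
    }

    // Fixed: the branch does what its condition suggests it should.
    static String greetFixed(String name) {
        if (name == null || name.isBlank()) {
            throw new IllegalArgumentException("name must not be empty");
        }
        return "Hello, " + name;
    }

    public static void main(String[] args) {
        System.out.println("buggy GUEST -> " + permissionsBuggy(Role.GUEST));
        System.out.println("fixed GUEST -> " + permissionsFixed(Role.GUEST));
        System.out.println("fixed ADMIN -> " + permissionsFixed(Role.ADMIN));
        System.out.println("buggy greet -> " + greetBuggy(null));
        try {
            greetFixed(null);
        } catch (IllegalArgumentException e) {
            System.out.println("fixed greet -> " + e.getMessage());
        }
    }
}
```

Both buggy methods compile without a single warning from `javac`, which is the point of the slides: only a rule that looks at the shape of the code (a `case` without `break`, an `if` with an empty body) draws attention to them, and only a human reading the comment, or its absence, can tell the intended fall-through from the forgotten one.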
27. Examples
• Log4j/src/main/java/org/apache/log4j/NDC.java
  UALIOV – Use Array List Instead Of Vector
  PMD misses it, FaultHunter doesn’t. True Negative
  Is it really necessary to use the thread-safe Vector class? If not, the ArrayList class offers a much faster implementation with the same functionality. (Collections.synchronizedList(…) can be used in a multi-threaded environment too!)
  → The comment indicates that the developers see the problem as well.
28. Examples
• openejb-4.5.2/org/apache/openejb/server/cxf/rs/CustomProviderTest.java
  ACNPE – Avoid Catching NullPointerException
  PMD misses it, FaultHunter doesn’t. True Negative
• xalan-2.7/src/org/apache/xpath/jaxp/XPathImpl.java
  SMN – Short Method Name
  PMD misses it, FaultHunter doesn’t. True Negative
• Spring-Framework/spring-beans/src/test/java/org/springframework/tests/sample/beans/TestBean.java
  ACNPE – Avoid Throwing Raw Exception Types
  PMD misses it, FaultHunter doesn’t. True Negative
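Why the Avoid Catching NullPointerException rule of slide 28 is worth more than a style nit, as an added example that is not from the slides or from OpenEJB. `Request` and the header lookup are hypothetical stand-ins for a web handler. The catch block is meant to cope with one expected null (a missing header), but it also masks the NPE raised by a null user, a separate bug in the caller, so that bug is reported as a harmless "unknown" instead of as a failure. The fixed version handles the expected absence with a null check and lets the unexpected one fail fast with a message naming the broken argument.

```java
import java.util.Map;
import java.util.Objects;

// Added example (not from the slides or from OpenEJB): catching NullPointerException
// hides every NPE in the try block, not only the one the author had in mind.
public class CatchNpeDemo {

    record Request(String user, Map<String, String> headers) {}   // hypothetical

    // Catches NPE to cope with a missing header. The same catch swallows the NPE from a
    // null user, which is a caller bug that now never surfaces anywhere.
    static String clientTagBuggy(Request req) {
        try {
            String agent = req.headers().get("User-Agent").trim(); // NPE if the header is absent
            return agent + "/" + req.user().toLowerCase();         // NPE if user is null
        } catch (NullPointerException e) {
            return "unknown";
        }
    }

    // Fixed: the expected absence is a null check; the unexpected null fails fast with
    // a message that names the broken argument instead of being turned into "unknown".
    static String clientTagFixed(Request req) {
        String user = Objects.requireNonNull(req.user(), "user must not be null");
        String agent = req.headers().get("User-Agent");
        String tag = agent == null ? "unknown" : agent.trim();
        return tag + "/" + user.toLowerCase();
    }

    public static void main(String[] args) {
        // Constructed inputs: one expected case (no header), one caller bug (no user).
        Request noHeader = new Request("Alice", Map.of());
        Request noUser   = new Request(null, Map.of("User-Agent", "curl/8.0"));

        System.out.println("buggy, no header -> " + clientTagBuggy(noHeader));
        System.out.println("buggy, no user   -> " + clientTagBuggy(noUser));   // caller bug hidden
        System.out.println("fixed, no header -> " + clientTagFixed(noHeader));
        try {
            clientTagFixed(noUser);
        } catch (NullPointerException e) {
            System.out.println("fixed, no user   -> " + e.getMessage());
        }
    }
}
```

The general rule the example illustrates is that a `catch (NullPointerException e)` block is as wide as the `try` it guards: every dereference inside it, including ones added later by someone else, is silently converted into the catch block's fallback value.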
29. Examples
• ApacheDS/core-pi/src/test/java/org/apache/directory/server/core/api/changelog/TagTest.java
  Position Literals First In Comparisons
  PMD finds it, FaultHunter doesn’t. False Positive
  Totally irrelevant warning.